The popular log analysis system Splunk has been facing more and tougher competition with each passing month. Earlier this year, it was from the open source Graylog2. Now comes a new rev of yet another competing product, Logstash.

The Java-based system is built on top of Elasticsearch, an open source search engine technology that's been put to use by everyone from Netflix to Github. With Logstash, any data that carries a timestamp of some kind can be considered log data and can be ingested and processed according to user-defined rules.

By itself, Logstash is no direct competition for Splunk, but it's part of a stack of components that compete as a whole. The so-called ELK -- Elasticsearch (search), Logstash (ingestion and processing), and Kibana (reporting and visualization) -- stack is a bit more plastic than Splunk in that it's an Apache-licensed open source endeavor. It also has a lower barrier to entry than Splunk as far as cost is concerned, as the entire stack can be used for free, but for-pay support plans are available

Elasticsearch's list of features for the 1.4 version of Logstash include a faster installation process and startup for the software, plus a revised and simplified plug-in system that lets users write their own input, filtering, and output drivers. Most significant is a redesigned set of modules for Puppet, allowing Logstash deployments to be automated through Puppet on a physical server or a VM. (Docker support for Logstash also exists courtesy of Arcus.io.)

Elasticsearch also has been commercializing Logstash by monetizing analytics, a tactic that hearkens back to the methods used by New Relic and Famo.us: In Elasticsearch's case, it's through its Marvel product, which manages and reports back on Elasticsearch nodes. Developers can use Marvel for free, but production use is $500 per year for the first five nodes.

So far, the biggest distinction between Splunk and its competition is how they're productized. Splunk's a proprietary item, but with the emphasis on it being a product and not simply a technology stack. The competition still largely consists of open source stacks rather than actual services, but it's clear the gap between what Splunk offers at a cost and what others offer for free is closing.